Category Archives: Security

CVE-2005-0453

The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension. (CVSS:5.0) (Last Update:2008-09-05)

CVE-2003-0618

Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions. (CVSS:2.1) (Last Update:2008-09-05)

CVE-2003-1365

The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) “\” (backslash), (2) “?”, (3) “~” (tilde), (4) “^” (caret), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. (CVSS:5.0) (Last Update:2008-09-05)